<?php
	
	require_once('../includes/config.php');
	require_once('../includes/functions.php');
	
	// Retrieve base HTML
	$pageStr = buildStandardPage('Sign in','Sign in');

	/**
	 * Let's generate the content we want to display in this page
	 */
	$content = '';
	
	if(isMobile()){
		$content .= 'Detected Mobile!';
	}
	else{
		/**
		 * Check if the user already logged in, if so tell them!
		 */
		if(true == isLoggedIn()){
			$content .= $ALREADY_LOGGED_IN;
		}
		else{
			/**
			 * Check if the user already clicked the 'submit' button
			 *   This means they sent their info to the server!
			 */
			if(true == isset($_POST['submit'])){
				
				// Clean the information the user submitted to the website
				// this prevents SQL injection
				$_POST = cleanPost($_POST);
				
				// check if this is a valid user
				$query = buildSelectStatement('user', array('email' => $_POST['email']));				

				$result = executeSQL($query, 'authentication/index.php - Connecting to the database failed');

				$userInfo = mysql_fetch_assoc($result);
				
				if($userInfo){
					// validate the user's password
					if(true == (hash('sha256', $_POST['password'] . $userInfo['salt']) == $userInfo['passwordhash'])){
						
						// set the user's session id
						$_SESSION['id'] = $userInfo['id'];
						
						if(true == isCustomer()){
							$_SESSION[$SELECTED_USER_ID] = $userInfo['id'];
						}
						
						// redirect the user to the success page
						header('location:' . $AUTH_URL . 'success.php');
					}
					else{ // the user provided the wrong password
						$content .= $BAD_USERNAME_OR_PASSWORD;
					}
				}
				else{ // the user provided the wrong password
					$content .= $BAD_USERNAME_OR_PASSWORD;
				}
			}
			/**
			 * The user hasn't logged in yet so we need to give them a form to sign in.
			 */
			else{

				/** 
				 * This form will send data back to the server through a POST!
				 * onsubmit - calls a javascript function to validate the user's input on the client's machine
				 * 
				 * ask the user for a username and a password 
				 * give the user two options: login or cancel
				 */
				$content .= 'For current online banking customers,'
						 .' please, enter your email and password below to login.<br/><br/>';
				$content .= '<form method=POST action='. $_SERVER['PHP_SELF']. ' onsubmit="return validateLoginForm(this);">';
				$content .= '<table><tr><td>Email</td> <td><input type=text name=email></td></tr>';
				$content .= '<tr><td>Password </td> <td><input type=password name=password></td></tr>';
				$content .= '<tr><td></td> <td><input type=submit name=submit value=Login >';
				$content .= '<input type=button value=Cancel onclick="window.location=\'' . $SITE_URL . '\'" ></td></tr>'
				.'<tr><td></td><td><a href="'. $AUTH_URL .'forgot.php" >Forgot Password?</a></td></tr>'
				.'<tr><td></td><td>Not a member? - <a href="'. $USERS_URL .'add.php" >Register Here</a></td></tr></table>';
				$content .= '</form>';

			}
		}
	}

	/**
	 * Replace the content string
	 */
	$pageStr = str_Replace('<!--content-->', $content, $pageStr);
		
	/**
	 * Send the generated HTML to the client's browser
	 */
	echo $pageStr;

?>